Portable electronic door opener device and method for secure door opening

ABSTRACT

A portable computing device for opening a door (an electronic door opener) and a method for its use is disclosed. The computing device has a shared secret key, a standard certificate, means for communicating with the door, and a processor adapted for performing operations with shared secret keys and standard certificates. The door also possesses the same shared secret key. Under normal operation, messages encoded with the shared secret key serve to establish a right to open the door. The portable computing device&#39;s standard certificate is used to respond to occasional challenges by the door, and to generate the shared secret key. Biometric capabilities of the portable computing device add an additional layer of security in screening the identity of the user of the device. A security system for controlling access, involving a first plurality of computing devices and a second plurality of doors, and operating based on shared secret keys and occasional challenges is also disclosed.

FIELD OF THE INVENTION

The present invention relates to controlling secure passage throughdoors with the use of electronic encryption techniques.

BACKGROUND OF THE INVENTION

Permitting access through a door to the right person while keepingunwanted ones out is a common problem. There is always a tradeoffbetween security, that is to make sure that no one unauthorized enters,and the burden that is imposed in difficulty and time on the rightpersons to prove their identity for entering. Such problems are in thegeneral domain of doors and keys.

SUMMARY OF THE INVENTION

Currently people carry several keys, typically one key per door, theyhave access to. In addition, if more than one person has access to aparticular door, each person has an identical copy of the same key. Oneother issue with the current door and key mechanism is that one of thekey holders may duplicate the key and give it to a third party. In thiscase, an unauthorized party may obtain access to a door merely bycolluding with one authorized person. Further, when such a copy has beenmade, a person may have access to the door even when their authorizationis revoked, i.e., their key is taken back.

In view of such needs the present invention discloses a device andmethod whereby physical keys are replaced with electronic keys which arestored in an electronic door opener device, which can be called aportable computing device, such as a badge or a wristwatch.

The present invention is to create a separate electronic key (sequenceof bits) for each device-door pair and store these keys on the mobiledevice carried by the user. The door also holds a set of these sharedsecret keys, one per each authorized user/device. As part of the accessverification process the user has to prove that he/she has the key inquestion. This can usually be done without revealing the key. In anexemplary embodiment the door will send a random number encrypted usingthe shared secret key, and the user's device will have to decrypt themessage to find the random number, increment the number and send itback.

Using standard techniques based on public/private key encryptionroutinely can afford better security than shared secret based schemes ,but operations involving private keys tend to be slow, especially whenrun on a device with limited computing capabilities, resulting inpotentially unacceptable delays in the opening of doors. Schemes thatuse a shared secret key approach are much less computationallyintensive. Such shared secret based authentication schemes can beexecuted rapidly on devices with limited computation capabilitiesenabling the user to quickly authenticate and open the door. The problemwith shared secret based schemes is that if the same key is used for toolong an attacker may discover the shared secret. In other words sharedsecrets become stale with use.

So the normal way of combining faster shared secret based schemes withmore secure private-public key mechanisms is to use private-publicmechanisms to establish a shared secret key which is then used forfuture communication. The shared secret key itself is periodicallychanged using an agreed upon protocol.

In addition, certificates issued by trusted third parties bind a user'sidentity to particular public key. When a user presents the certificateand also proves that he or she possesses the private key correspondingto the certified public key, the user proves his or her identity to thedoor, so long as the door trusts the third party who issued thecertificate.

This invention discloses a scheme for users to prove their identity todoors quickly, mostly using shared secret schemes, instead of the slowpublic-private key mechanisms so that the delays in the opening of thedoors is minimized. In addition this scheme limits the amount of datathat has to be exchanged between the door and the computing device (dooropener device).

Assuming that the electronic door opener (computing device) has a set ofshared secret keys corresponding to different doors, and similarly thedoor has a set of secret keys corresponding to different users, thecomputing device and the door must be able to identify each other tofigure out which shared secret key to use for their communications. Onecan accomplish this by the help of a standard certificate, which has theidentifying information of the party concerned. To speed upcommunication, each party may retain copies of the certificates. In thiscase it is sufficient to exchange smaller hashes of the certificates.The hash code is used to find the certificate which then identifies thecommunicating party, and then locate the key in question. Optionally,each party may at random choose to challenge the other to prove thatthey indeed hold the private key corresponding to the public key that ispart of their certificate in order to protect against attacks that seekto find out the shared secret. When a challenge is issued, the processof opening the door takes additional time since the computing devicewill have to perform public-private key computations. However, since theproblem of one door sharing its shared secret keys with another door isnot a significant danger, one can relax the requirement of certificatesfor doors. Doors can have simple identifiers that are sent to theelectronic computing device in the clear. Computing devices (dooropeners) can also have separate identifiers that are sent in the clear.However, since they have to have certificates anyway, hash codes of thecertificates naturally give individual identifiers without the overheadof administration.

The advantage of the shared secret key communication is that private keyoperations need only be done at setup time, or during the randomchallenge. From an usability perspective, in the frequent cases it isacceptable for the door entry authorization to take up to a few secondsat most, which is generally insufficient to perform asymmetric key basedoperations, especially on low cost processors, such as the computingdevice might be capable of having.

In some exemplary embodiments a further layer of security can beachieved by adding a biometric device, such as a fingerprint reader, tothe computing device. In such a case the private key corresponding ofthe certificate is stored encrypted on the computing device, where abiometric is the encryption key. In order to perform a private keyoperation the mobile device needs the user to scan his/her biometric in,thereby being able to create the biometric key needed for decryption ofthe private key.

Accordingly, it is the object of the present invention to teach acomputing device (an electronic door opener) set up for secure sharedsecret key based identification, backed up by a standard certificate.

It is a further objet of the present invention to teach the method togain secure access to doors using secure shared secret key operations.

It is also a further object of the present invention to teach a securitysystem for controlling access involving a plurality of doors and aplurality of computing devices.

It is yet another object of the present invention to teach theidentification of not only a computing device, but that of the userthrough the use of biometry.

The present invention also teaches a computer program of instructionsfor executing a computer process performing the steps of secureunlocking of a door based on a shared secret key, as encoded in acarrier wave, such as an electromagnetic wave.

BRIEF DESCRIPTION OF THE DRAWINGS

These and other features of the present invention will become apparentfrom the accompanying detailed description and drawings, wherein:

FIG. 1 shows the schematic of an exemplary embodiment of the secureelectronic door opener (computing device), the door, and theiroperation;

FIG. 2 shows a diagram outlining the secure door opening method; and

FIG. 3 shows a symbolic representation of a security system forcontrolling access.

DETAILED DESCRIPTION OF THE INVENTION

FIG. 1 shows the schematic of an exemplary embodiment of the securecomputing device, the door, and their operation. The computing device100 communicates with a door 110. The computing device (the electronicdoor opener) has sufficient computing power to enable it to executecryptographic operations, such as dealing with standard certificates andshared secret keys, but it should remain sufficiently simple in order tokeep its price under control. The computing device 100 also has a memorywith sufficient capacity to store as many door identifiers as needed, aswell as at least one standard certificate. The means of communicationare in a form of a carrier wave 150. For one ordinarily skilled in theart many means of such communication is familiar. The carrier wave inrepresentative embodiments is electromagnetic in its origin; it can beof a wide variety of wavelengths, from radio to ultraviolet and beyond.Alternatively the carrier wave might be of material characteristics,such as, for instance, a sound wave. The specifics of the carrier waveare not important from this invention's point of view. It is importantthat the carrier wave embodies a computer data signal which encodes thecomputer program of instructions executing the computer processperforming the steps for secure unlocking of the door 110 based on ashared secret key scheme between the computing device (the electronicdoor opener) 100 and the door 110.

FIG. 2 shows a diagram outlining the secure door opening method. Themethod typically starts with the user who is using the computing device100, to approach the door 110. The computing device is equipped with aprocessor which is adapted for performing operations with shared secretkeys and standard certificates. In the normal course of operation thecomputing device has in its possession a first copy of a shared secretkey, and a first standard certificate. The computing device sends 210 adevice identifier, a type of ID which identifies the specific computingdevice to the door. In the normal operation the communicated ID can be ahash of the first standard certificate in the computing device'spossession. A hash code is typically a byte string of fixed length thatis independent of the length of the message that is computed using amutually agreed upon hashing algorithm. The hash has the property thateven if one bit changes in the message the hash changes. Also given ahash value, it must be difficult to create a message that will hash tothat specific value. Hashing algorithms, such as MD5, SHA-1, and othersare known in the cryptographic arts. By sending a hash of thecertificate, instead of the certificate itself, the computing devicesaves in needed communication, and thus it saves time. The door receivesthe communication from the computing device 220 and checks if it canrecognize the hash. If the hash code of the computing device isrecognized, the door makes a decision whether to issue a challenge tothe computing device 230. In the normal course if activities, the doordoes not issue a challenge and proceeds by communicating to thecomputing device a door identifier and a message 240. In arepresentative embodiment the door possesses a second standardcertificate, and the door identifier is a hash code of the secondstandard certificate. Alternatively, since the problem of one doorsharing its keys with another door is not a significant danger sincedoors are in position to grant access if they so “desire” anyway, onecan relax the requirement of certificates for doors. Doors can havesimple identifiers that are sent without encryption, in the clear, inorder to help the computing device identify the door and the sharedsecret key corresponding to the door.

Once the door has identified the door opener device, it identifies theappropriate secret key they share. At this point the door also sends amessage which is encrypted with a second copy of a shared secret key,with the first copy being supposedly in the possession of the computingdevice. The door has chosen this particular shared secret key becausethis shared secret key was associated with the device identifier that ithas just received. Accordingly, the use of the second copy of the sharedsecret key for encrypting the message resulted from recognizing thedevice identifier transmitted by the computing device. The messageitself can be practically anything. In a typical embodiment the messagethe door can send is a random number encrypted using the door's copy, asecond copy, of the shared secret key. The computing device will bereceiving the door ID and the message and will have to attest that itcan decipher the message 250. The computing device must recognize thedoor's identifier. This recognition will tell the computing device whichof the plurality of shared secret keys to use to decrypt the message ofthis particular door. The computing device will use its first copy ofthat shared secret key for decrypting the message which resulted fromrecognizing the door identifier that was just transmitted. Typically thecomputing device holds a plurality of shared secret keys, with eachshared secret keys pertaining uniquely to a different door, since it isuseful if the portable computing device is capable of opening aplurality of doors. Once the door's message has been decrypted with thefirst copy of the right shared secret key the attesting of thedecryption can be a trivial matter. For instance, in a typicalembodiment when the door sends a random number, the computing device canattest by incrementing the number by one and retransmitting it to thedoor. One skilled in the art, however would recognize many otheralterative schemes for exchanging messages with shared keys. Having thusanswered to the door's satisfaction, the door will open.

On randomly selected occasions, not too often because of userinconvenience associate with the longer time it takes, the door willissue a challenge to the computing device 270, after having received thecomputing device's identifier. To be sure that the door is dealing withthe right computing device and not a cheat, which has only gotten holdof the device's identifier and somehow discovered the shared secret, thedoor demands a demonstration that the computing device indeed possessesthe private key belonging to the standard certificate which thecomputing device is supposed to have. The challenge is proceeding inmanners known in the art. The door sends a message encrypted with thepublic key of the device's standard certificate, and the computingdevice has to decode it with its private key 280, thereby demonstratingpossession of a private key part of the first standard certificate.Again, in a typical embodiment the challenge message can be a randomnumber, and the answer an increment of the number. Upon the properanswer the method reverts to the usual track 240 of exchanging messageswith shared secret keys. Additionally at this point, the door and thedoor opener (the computing device) may generate a new shared secret key.If any of these exchanges are unsuccessful, of course, the door refusesto open.

In an exemplary embodiment of the invention one can additionally makesure that when a challenge is issued not only the right computing deviceis the one trying to open the door, but that the user who is using thecomputing device is the rightful owner of the computing device. Ingeneral every individual can have a unique biometric identifier, whichwhen expressed in a digital form can be turned into a digital biometrickey. This biometric key typically would be a digital sequence of numbersunique to a certain individual. For instance, the biometric key might bebased on the fingerprint of the individual. In this embodiment theprivate key corresponding of the first standard certificate on thecomputing device is stored encrypted, where the encryption key is afirst biometric key belonging to the rightful owner of the computingdevice. The computing device is further equipped with a biometricdevice, such as a fingerprint reader. Upon receiving a challenge fromthe door to prove the existence of the private key belonging to thefirst standard certificate, the computing device can only successfullyanswer if the biometrically encrypted private key is decrypted. Thecomputing device is capable of generating a second biometric key withits biometric device by taking a reading of the user who is using thecomputing device. The computing device will attempt to decrypt theencrypted private key part of the first standard certificate using thisnow generated second biometric key. If the first and second biometrickeys are identical, the decryption using the second biometric key willbe successful, and the challenge can be responded. The first and thesecond biometric keys will only be identical if the user is the rightfulowner of the computing device. This adds an additional layer of securityas shown in FIG. 2 with box 290. The arrows leading to and from box 290are dashed, indicating the optional nature of the biometric steps.

If, after the initial contact by the computing device 210, the door doesnot recognize the device identifier 220, it interprets it that thisparticular computing device at this moment is not authorized to open thedoor. It is possible, however, that the device belongs to a user whichis authorized to open the door, but has not as yet set up the properframework for identification. In an exemplary embodiment, for such acase the initial set up of the device and user can proceed along similarlines as the challenge 225.

The shared secret keys between the doors and the users themselves can beestablished using a scheme similar to the random challenge. At any giventime, the door may contain a list of allowed users. Subsequently whenthe user approaches the door for the first time, the user's portabledevice will present a device identifier, typically a hash of itscertificate. The door will not have a secret key, nor a certificatecorresponding to the presented device identifier. So the door willchallenge the user's device for a full public-private key operation. Theuser's mobile device will then present its certificate. The door willverify that the certificate is signed by a third party it trusts. Thenit will verify that the identity in the certificate corresponds to aperson who is on the list of allowed users. Next it will ask the user'sdevice to prove that it holds the private key corresponding to thepublic key that is part of the certificate. Once the user's device isable to offer this proof, the door and the device establish a sharedsecret key 225. Typically the door may generate a random key that itwill send to the user's device encrypted using the user's public key. Ifthe user's device is able to decrypt the message and send something tothe door using the random key that the door has just created, the user'sdevice has both proved to the door that it has the corresponding privatekey and it also now has the shared secret key that is to be used in thefuture. Subsequent authorizations use the shared secret key. The doorwill save the secret key it exchanged with the device, the user'scertificate and the device identifier, so that the key can be found whenthe user's device presents the hash of its certificate the next timearound. Just as for the random challenge 230, one can further augmentsecurity by ascertaining that the user is the rightful owner with theuse of biometry 290. Of course if the door does not find the identity inthe certificate on the its list of allowed users, the door refuses toproceed.

In an alternate embodiment a supervisor may do the initial set up of allthe computing devices and doors, in which case the door would not have alist of allowed users that have not set up their devices as yet. In thisembodiment if the door does not recognize the device identifier, it willalways refuse entry without further activity.

The shared secret key of which a first copy is with the computing deviceand second copy with the door, can be replaced on occasion, for instanceafter a successfully answered challenge. During such replacements,similarly to when the first shared secret key was originally generated,it can be done in the following manner. The shared secret key is arandom sequence of bits that the door generates. The door and thecomputing device set up a secure connection using the public key that ispart of the computing device's standard certificate and the door sends afirst copy of this shared secret key to the user's device over thesecure channel that has been set up in this manner. Thus, the sharedsecret key is generated by the door and exchanged with the electronicdoor opener (the computing device) using a public key part of the firststandard certificate.

FIG. 3 shows a symbolic representation of a security system forcontrolling access. The security system involves a first plurality ofdoors 110 a. . . 110 f and a second plurality of portable computingdevices for opening doors 100 a. . . 100 d. The doors and the computingdevices have means for communicating with each other, allowing sendingof signals between any device and any door, as is illustrated by carrierwaves 150 showing door 110 b and computing device 100 c in a signalingstate. The dotted lines 310 indicate the relations between the doors andthe computing devices, by connecting computing devices with those doorthat they are allowed to open. In FIG. 3, for illustration and example,device 100 b is authorized to open doors 110 b, 110 c, and 110 f, while,for instance, device 110 d can open doors 110 a, 110 b, and 110 f.Looking from the door's side, FIG. 3 illustrates that, for instance,door 110 c is opened only by device 100 b, while door 110 b by devices100 a, 100 b and 100 d, and door 110 f by devices 100 b and 100 d. Inexemplary embodiments of the invention the plurality of doors anddevices can be large, for instance in the thousands, or even over.

As it was already discussed, each computing device is equipped with amemory. Any one of the computing devices holds in its memory a uniquefirst standard certificate, which belongs only to itself. The memory ofthe device may also hold the hash of the standard certificate as deviceidentifier, or alternatively, the computing device may compute the hashfrom the certificate “on the fly” when it contacts a door. This any oneof the computing devices further holds in its memory the dooridentifiers for all those doors, out of the first plurality of doors,that it is permitted to open, and these identifiers are uniquely linkedto the first copies of those shared secret keys that belong to the dooridentifiers. To illustrate, for instance, computing device 100 c hold inits memory a unique standard certificate that belongs only to itself, italso hold identifiers for door 110 a, and door 110 d. It also holdsfirst copies of two shared secret keys, those ones of which doors 110 aand 110 d hold a second copy of. The door identifiers link to theappropriate shared secret keys. For instance, the identifier of door 110a links in the memory of device 100 c to the shared secret key which iscommon to device 100 c and door 110 a. Accordingly when door 110 a sendsits own identifier and a message encrypted with a shared secret key todevice 100 c, the device 100 c upon receiving the message will “know” todecrypt it with that shared secret key which in its memory is associated(linked) with the identifier of door 110 a.

Each, and any one, door possesses matching information for each one ofthose computing devices out of the second plurality of computingdevices, that are permitted to open this any one door. The matchinginformation includes a device identifier, typically a hash code of thedevice's unique standard certificate, a public key part of the device'sunique first standard certificate, and a second copy of the sharedsecret key. The device identifier is linked to the appropriate publickey and shared secret key. For instance in FIG. 3 door 110 f possessesidentifiers of devices 100 b and 100 d. The identifier of device 100 bis linked to the public key part of the standard certificate of device100 b and to the second copy of that shared secret key, which is sharedbetween door 110 f and computing device 100 b. In the same manner, door110 a hold identifiers of devices 100 c and 100 d. The identifier ofdevice 100 d is linked to the public key part of the standardcertificate of device 100 d and to the second copy of that shared secretkey, which is shared between door 110 a and computing device 100 d.While identifier of device 100 c is linked to the public key part of thestandard certificate of device 100 c and to the second copy of thatshared secret key, which is shared between door 110 a and computingdevice 100 c.

Many modifications and variations of the present invention are possiblein light of the above teachings, and could be apparent for those skilledin the art. The scope of the invention is defined by the appendedclaims.

1. A method for secure unlocking of a door based on a shared secret key,comprising the steps of: providing a portable computing device, whereinthe computing device is equipped with a memory, and the memory holdsshared secret keys with matching door identifiers and a firstcertificate, wherein the computing device is adapted for performingoperations with shared secret keys and certificates, and wherein thecomputing device is adapted for communicating with the door; thecomputing device communicating to the door a device identifier; the doormakes a decision to issue a challenge to the computing device, whereinthe challenge is issued only on randomly selected occasions; thecomputing device responding to the challenge by demonstrating possessionof a private key of the first certificate; after a successful responseto a challenge and after receipt of computing device identifier when achallenge decision is not made the door responding with a dooridentifier and with an encrypted message, wherein the message isencrypted with the shared secret key, and wherein using the sharedsecret key for encrypting the message resulted from recognizing thedevice identifier communicated by the computing device; the computingdevice responding with a signal attesting decryption of the message,wherein the message has been decrypted in the computing device by theshared secret key, and wherein using the shared secret key fordecrypting the message resulted from recognizing the door identifiertransmitted by the door; and the door unlocking upon recognizingvalidity of the signal attesting decryption of the message.
 2. Themethod of claim 1, wherein the device identifier is a hash code of thefirst certificate.
 3. The method of claim 1, wherein the door identifieris a simple identifier and it is sent without encryption.
 4. The methodof claim 1, wherein the door has a second certificate, and the dooridentifier is a hash code of the second certificate.
 5. The method ofclaim 1, wherein the shared secret key is generated by the door andcommunicated with the computing device in private using a public key ofthe first certificate.
 6. The method of claim 1, wherein the private keyof the first certificate is encrypted with a first biometric key,wherein the first biometric key belongs to a rightful owner of thecomputing device, and wherein the computing device is provided with abiometric device, and wherein the step of responding to the challengefurther comprise the steps of: taking a biometric reading of a user ofthe computing device; generating a second biometric key using thebiometric reading; and decrypting the encrypted private key of the firstcertificate using the second biometric key, whereby if the first andsecond biometric keys are identical the decrypting using the secondbiometric key is successful, and the challenge can be successfullyresponded.
 7. A security system for controlling access, comprising: aplurality of doors and a plurality of portable computing devices foropening the plurality of doors; wherein each computing device isequipped with a memory that holds a unique first certificate, dooridentifiers for all the doors out of the plurality of doors that thecomputing device is permitted to open, and shared secret keys that matcheach door identifier of the plurality of doors that the computing deviceis permitted to open; wherein any one of the doors possesses a matchingshared secret key for each computing device that is permitted to openthe door, wherein the matching information comprises a deviceidentifier, wherein the device identifier is linked to a public key ofthe unique first certificate and the shared secret key, and wherein theplurality of doors and the plurality of computing devices have means forcommunicating between any device and any door and; wherein the any oneof the plurality of doors is adapted to recognize the device identifier,and further adapted to use the matching information to validateidenticalness of the shared secret key, and to issue a challenge onrandomly selected occasions to any computing device, using the publickey of the unique first certificate.
 8. The security system of claim 7,wherein the device identifier is a hash code of the unique firstcertificate.
 9. The security system of claim 7, wherein the dooridentifier is a simple identifier and it is communicated withoutencryption.
 10. The security system of claim 7, wherein the any one doorfurther possesses a unique second certificate.
 11. The security systemof claim 10, wherein the door identifier is a hash code of the uniquesecond certificate.
 12. The security system of claim 7, wherein theunique first certificate is having a private key and the private key isbeing encrypted with a first biometric key, wherein the first biometrickey belongs to a rightful owner of the computing device, wherein the anyone computing device is further comprising a biometric device, whereinthe any one computing device is further comprising a biometric device,wherein the biometric device is capable of generating a second biometrickey, wherein the second biometric key belongs to a user of the any onecomputing device, and wherein the second biometric key is used todecrypt the private key of the unique first certificate.
 13. Thesecurity system of claim 7, wherein the challenge by the any one door issuccessfully responded by demonstrating possession of a private key ofthe unique first certificate.
 14. The security system of claim 7,wherein the any one door is further adapted to generate a shared secretkey and communicate the shared key in private by using the public key ofthe unique first certificate.